1. Simon, thank you for taking the time to explain this complicated process, and in particular, the fact that “Extensions in certificates are not transferred to certificate requests and vice versa.” With your help, I was able to configure a CA and then request and sign certificates that include SANs.

    To answer the unknown regarding whether or not it is necessary to include and un-comment “copy_extensions = copy”, the answer is affirmative. I was required to un-comment this line. Until I did so, the SANs were not included in the resultant certificate. You may wish to edit the article to assert this requirement definitively; I lost a few hairs over it.

    Thanks again!

Leave a Reply